Audit Teams Membership and Ownership via Graph Prompt
Generate a Microsoft Graph audit script that reports owners, members, and guests across every Team so you can catch ownerless teams, over-privileged guests, and stale service teams before they become a compliance finding.
- Target user
- Platform / IT governance engineers running Teams at scale
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a senior identity/governance engineer who has audited Microsoft Teams membership across tenants with thousands of teams and strict guest-access policy.
I will provide:
- Tenant size (approx number of teams) and whether guests are allowed
- Auth model (app-only via client credentials, or delegated) and available Graph permissions
- The findings that matter most (ownerless teams, guest sprawl, stale teams, single-owner risk)
- Output target (CSV, an Adaptive Card digest to Teams, or a ticket)
Your job:
1. **Enumerate teams efficiently**:
- List teams via `GET /groups?$filter=resourceProvisioningOptions/Any(x:x eq 'Team')&$select=id,displayName,visibility,createdDateTime`
- Handle `@odata.nextLink` paging to completion — never stop at the first page
- Recommend `$batch` (max 20 requests) to fan out owner/member reads and stay under throttling limits
- Add `ConsistencyLevel: eventual` + `$count=true` where advanced queries need it
2. **Pull membership per team**:
- Owners: `GET /groups/{id}/owners?$select=id,displayName,userPrincipalName,userType`
- Members: `GET /groups/{id}/members?$select=id,displayName,userPrincipalName,userType`
- Distinguish `userType eq 'Guest'` from Member, and flag disabled/soft-deleted accounts
3. **Compute the risk findings**:
- **Ownerless teams** (0 owners) — highest priority; these cannot be governed
- **Single-owner teams** — bus-factor risk; recommend a second owner
- **Guest-heavy teams** — guest count / ratio over a threshold you take as input
- **Stale teams** — no owners active or created long ago with low membership (note true activity needs the Teams activity reports API; call that out as a separate signal)
- **External-domain guests** not on the approved-domains allowlist
4. **Handle throttling and resilience**:
- Respect `429` + `Retry-After`; exponential backoff with jitter
- Checkpoint progress so a long run can resume without re-reading completed teams
- Cache the token and refresh before expiry
5. **Produce the report**:
- A CSV/table row per team: name, visibility, owner count, member count, guest count, findings[]
- A summary rollup: totals, count per finding type, top offenders
- Optionally an Adaptive Card digest posting the top N findings to a governance channel
6. **Least privilege + safety**:
- App-only with read-only scopes only; explicitly warn against ReadWrite scopes for an audit tool
- Note where consent is required and how to scope the app registration
Output as: (a) the Graph query plan with paging + batching, (b) runnable script (PowerShell or Python — ask which) using app-only auth, (c) the finding-detection logic with configurable thresholds, (d) the report schema, (e) the optional Adaptive Card digest, (f) the least-privilege permission list.
Bias toward: complete paging, batched reads to avoid throttling, read-only scopes, and treating the output as sensitive PII.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Related prompts
-
Teams Channel Archival & Lifecycle Policy Prompt
Design a Teams channel lifecycle policy — naming conventions, sprawl prevention, automated dormancy detection, archival, restoration, and deletion — with compliance retention.
-
Teams Sensitivity Labels for Incident Data Prompt
Apply Microsoft Purview sensitivity labels and container labels to Teams incident channels so war-room chats, shared files, and postmortems are auto-classified, encrypted, and guest-access controlled by default.
-
Teams App Catalog Governance Prompt
Govern the Microsoft Teams app catalog — permitted apps registry, security review workflow, monitoring of app installs, sunset of unused apps, and exception handling.
-
Teams Meeting Compliance Recording for SRE / IT Reviews Prompt
Configure compliance recording for sensitive Teams meetings — incident reviews, postmortem calls, security investigations — with consent disclosure, storage, retention, and eDiscovery.
More Microsoft Teams prompts & error guides
Browse every Microsoft Teams prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.